Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Mobile RAT Xsser continues to threaten Android, iOS device security

Researchers warn that a recently discovered mobile trojan called “Xsser mRAT,” still remains a threat to mobile users on both Android and iOS devices.

Lacoon Mobile Security uncovered the mobile remote access trojan (RAT) in September, noting that the threat was related to Android spyware previously spread in Hong Kong. And now, security firm Akamai has observed a Xsser mRAT campaign targeting Android and iOS users in countries throughout Asia, from October through November.

Xsser mRAT infects iOS devices that are jailbroken, and is known for its ability to extract address book data, call logs, SMS messages, location data, pictures, operating system data, and information from a popular Chinese messaging app by Tencent.

In a Wednesday interview with, David Fernandez, head of Akamai's PLXsert team, said that attacks have not been widespread, but that the mobile RAT is “customized specifically for [targeted] devices.”

“To our knowledge, we feel this is a particular actor group with significant resources and an advanced exploitation skill set. These aren't everyday cybercriminals,” he noted.

In a threat advisory (PDF), Akamai said that, upon infection, attackers “received sensitive information about the user's device, providing an opportunity to perform follow-up attacks such as extortion or other social engineering-related attacks against a company or organization.”

The firm added in a Wednesday release that the mobile RAT is spread through man-in-the-middle (MitM) and phishing attacks, “and may involve cellphone tower eavesdropping for location-specific attacks.”

Rod Soto, principal researcher at PLXsert, said in a Wednesday interview with, that the delivery method for the malware often varies, from SMS messages, to phishing and phony app disguises.

“The attackers saw the patterns of the targeted devices, and from there they chose the most express way to deliver the malware,” Soto said.

In its advisory, Akamai said that since, “end-users will find it very difficult to detect whether their phones are under attack from malware such as Xsser mRAT,” that the best security approach is prevention. Taking certain precautions, such as disabling automatic Wi-Fi connections on phones, avoiding the use of free internet hot spots, enabling two-factor authentication as an added layer of protection, and ignoring “sudden or unexpected communications” containing URLs or attachments, were advised.

Akamai also recommended that mobile users not install any application from an “untrusted and unsigned source,” or jailbreak their phones, because doing so exposes saboteurs' attack surface.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.